[rsbac] Trusted Path Execution and scripts
    tazok 
    tazok.id0 at gmail.com
       
    Wed Jul 19 20:02:00 CEST 2006
    
    
  
2006/7/19, Jens Kasten <jens at igraltist.dyndns.org>:
>
> hi,
> why don't you set an rc-type on all directories and on all important files,
> like /etc and /var?
> Through this, you exclude every user who has no map_exec, read or execute
> right, or whatever is necessary.
> To get access, the user must be in an rc-role, and the rc-type must be assigned
> to this rc-role.
> Everything else, I think, gets too complicated, such as which is a security
> file or a system file.
> So no explicit removing of rights from a file or binary: when it gets the
> rc-type, it will by default get nothing.
> Then you can build policies for each rc-role, saying who is allowed what.
> And if it is in a script, then after some upgrade you can easily apply this.
> This policy will also grow quickly, so a good design is recommended. :)
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
>
Imagine this situation: a remote user uses a vulnerability against a local,
unprivileged daemon and gets access to the system as a normal user. His role
would then be general_role, for example (the default). Then he finds a kernel
bug and tries to use it; imagine that SSP and PaX fail to stop it. To try it,
he needs either to write the exploit and use it, or to download it to the
system. With trusted path execution, the execution of untrusted binaries is
solved (only binaries in /sbin, /bin, /usr/bin and so on can be executed;
nothing he downloaded or compiled could be). The problem comes when he uses a
perl script, for example, to do it. As Amon Ott said in another thread, it can
require either the execute and the read_open privilege (if used as a normal
binary) or only the read_open privilege if we tell perl to interpret it.
What I want to stop is launching these untrusted scripts that only use the
read_open privilege, preventing perl, for example, from interpreting them. I
think doing it by way of role_force is a proper solution to it (in the perl and
python cases). The problem comes with bash.
I am not sure if an "exploit" could be written as a bash script; I imagine
that the person who could do this would have to be a genius, among other
things. I want to make sure of the impossibility of doing it this way. Thanks
to all, and sorry if some of you didn't understand the mail.
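The following is an added example, not code from the original thread or from the RSBAC project. It illustrates the point of the message above: a trusted path rule that only governs execve() stops direct execution of an untrusted file, but an interpreter (here the POSIX shell) only needs to read the file to run what is in it. Since the real RSBAC decision cannot be reproduced offline, clearing the execute bit stands in for the TPE denial; the temporary file name and its one-line contents are constructed sample data, and `mktemp -d` is assumed to be available.

```shell
#!/bin/sh
# Added example (not the original poster's or RSBAC's code). A file without the
# execute bit plays the role of an untrusted path that TPE refuses to exec;
# each interpreter-driven route below needs nothing more than read_open on it.

tpe_script_demo() {
    dir=$(mktemp -d) || return 1
    script="$dir/untrusted.sh"              # constructed sample "untrusted" script
    printf '%s\n' 'echo RAN' > "$script"
    chmod 0644 "$script"                     # no execute bit: direct execve() is refused

    direct=0
    interp=0

    # 1. Direct execution. This is the execve() path that trusted path execution controls.
    if "$script" >/dev/null 2>&1; then direct=$((direct + 1)); fi

    # 2. Interpreter given the file as an argument: it open()s and reads the file.
    [ "$(sh "$script" 2>/dev/null)" = RAN ] && interp=$((interp + 1))

    # 3. Interpreter reading the file on stdin: again only a read of the file.
    [ "$(sh < "$script" 2>/dev/null)" = RAN ] && interp=$((interp + 1))

    # 4. Sourcing the file into an already running shell from a trusted path.
    [ "$(. "$script" 2>/dev/null)" = RAN ] && interp=$((interp + 1))

    # 5. eval of the file's contents, read via cat.
    [ "$(eval "$(cat "$script")" 2>/dev/null)" = RAN ] && interp=$((interp + 1))

    rm -rf "$dir"
    echo "$direct $interp"                   # "0 4": exec denied, four read-only routes ran
}

tpe_script_demo
```

Every one of routes 2 to 5 is a read of the file followed by code running inside a binary that lives on a trusted path, which is exactly why the message above looks at role_force for the interpreters rather than at the script files themselves; a policy that covers bash needs to cover sourcing and stdin as well as `bash script.sh`.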